Bio-linking a user and authorization means

ABSTRACT

The invention relates to a system ( 100 ) for authorizing a user ( 111 ) to use a device requiring authorization ( 140 ), and a method of authorizing a user to use such a device. The system comprises identification means ( 130 ) arranged to identify the user, authorization means ( 120, 320 ) arranged to authorize the user to use said device requiring authorization, at least one linking means ( 110 ) arranged to establish and monitor a bio-link between the user and the authorization means, and at least one linking means being further arranged to activate said authorization means in response to a valid user identification by the identification means. Said authorization means ( 120 ) is active only while said link is valid.

The invention relates to a system for authorizing a user to use a devicerequiring authorization, the system comprising authorization meansarranged to authorize the user to use said device, and a method ofauthorizing a user to use such a device.

Document U.S. Pat. No. 5,461,812 discloses a method of protecting aweapon, e.g. a gun, from being used by an unauthorized person. A systemfeatures a finger ring that must be worn on the finger of a weaponowner. Whenever the ring is placed on the finger, an enabling apparatusstored in a secure location, has to be used for sending a signal to boththe weapon and the ring. In use, the signal stored in the ring istransmitted to the weapon, the transmitted signal is compared with thesignal stored in the weapon to allow the person with the ring to operatethe weapon. The person having the ring can use the weapon. The ring hasa switch mechanism to detect whether the ring is worn on the user'sfinger, by providing a switch closure.

However, one can remove the ring without releasing the switch, e.g. byjamming something in the ring. In that way, the unauthorized person mayuse the ring, i.e. the authorization means, and pretend to be authorizedfor using the weapon. The method known in the prior art is notsufficiently secure.

It is an object of the present invention to obviate the drawback of theprior art system, and to provide a method and system for more secureauthorization.

The object of the invention is realized in that the system forauthorizing the user to use the device requiring authorization comprises

identification means arranged to identify the user,

authorization means arranged to authorize the user to use said devicerequiring authorization,

at least one linking means arranged to establish and monitor a bio-linkbetween the user and the authorization means, and

at least one linking means being further arranged to activate saidauthorization means in response to a valid user identification by theidentification means,

said authorization means being active only while said link is valid.

After at least one linking means establishes the bio-link between theuser and the authorization means, the link is monitored to ensure thatthe link is valid, e.g. that the authorization means is attached to theuser. The authorization means may be activated if the user has provedhis identity by using the identification means. The authorization meansmay be active as long as the bio-link is valid. Once the authorizationmeans is active, it can be used for authorizing the user to use at leastone device requiring authorization, instead of asking a direct inputfrom the user.

The system features a presence of the bio-link between the user and theauthorization means. The bio-link allows to determine reliably whetherthe authorization means is in possession of the authorized user.Otherwise, any person might use the authorization means. The bio-linkmay be based on continuous measurements of parameters pertaining to theuser, for example, biometric parameters, which are very difficult tofalsify without breaking the uninterrupted link, for example, breathingsound, heart rate, etc.

In that way, the invention allows the user to avoid safely the procedureof proving his identity to the device requiring authorization wheneverthe user would like to use it. The invention provides a very secure wayof preventing the need for recurring authorization without beingobtrusive or invasive.

If there are many linking means, the authorization means may beactivated by any one of them if the bio-link is valid and the user isidentified by the identification means as the authorized person.

The device requiring authorization may be arranged to require an accesscode, i.e. identification data, for allowing the user to use it. Thesystem may be arranged in such a way that the authorization meansobtains the code from the identification means upon the valid useridentification and, of course, if the bio-link is valid, then theauthorization means may deliver the obtained code to the devicerequiring authorization.

The biometric measurements of parameters obtained by the linking meansmay be used by the identification means for user identification bycomparing a value of one or more parameters with stored identificationdata. Thus, the system always correctly recognizes the user if the usedbiometric data, e.g. an iris scan, finger print, are unique, for humanbeings.

Alternatively, the authorization means may be arranged to use thebiometric measurements obtained by the linking means in lieu of saidaccess code. The access code may be basically transmitted usingencryption techniques, which does not hamper the correct authorizationof the user to use the devices requiring authorization.

The object of the invention is also realized in that the method ofauthorizing the user to use the device requiring authorization,comprises

a step of identifying the user,

a step of establishing and monitoring a bio-link between the user andauthorization means arranged to authorize the user to use said devicerequiring authorization,

a step of activating said authorization means in response to a validuser identification,

said authorization means being active only while said link is valid.

The steps of the method of the present invention elucidate the operationof the system as described above.

These and other aspects of the invention will be further elucidated anddescribed with reference to the accompanying drawings, wherein:

FIG. 1 shows a functional block diagram of the system suitable forimplementing the present invention;

FIG. 2 shows an embodiment of the system according to the presentinvention, in which the examples of linking means arranged to establishand monitor the bio-link are given;

FIG. 3 shows an embodiment of the system according to the presentinvention, in which the identification means, authorization means andlinking means are illustrated;

FIG. 4 shows an embodiment of the system according to the presentinvention, in which authorizing the user to use the device requiringauthorization, with the aid of the authorization means, is illustrated;

FIG. 5 shows an embodiment of the method according to the presentinvention.

FIG. 1 shows an embodiment of the system 100 according to the presentinvention, comprising at least one linking means 110, further referredto as bio-sensor, authorization means 120, identification means 130 anda device requiring authorization 140.

The bio-sensor 110, i.e. linking means, is arranged to establish andmonitor a bio-link between a user 111 and the authorization means 120(or an authorization unit). The authorization unit 120 is arranged toauthorize the user 111 to use the device requiring authorization 140.The identification means 130 (or identification unit) is arranged toidentify the user 111. The device requiring authorization 140 may be thedevice which requires the authorization to use it.

When the bio-link is established between the user and the authorizationunit and the user is validly identified by the identification unit, thebio-sensor may activate the authorization unit so that the user is ableto use the device requiring authorization as long as the bio-link isvalid. Of course, it is more secure to activate the authorization unitafter it is certain that the user is genuine, i.e. identified, and theauthorization unit is “attached” to the user, i.e. the bio-link isvalid. However, the authorization unit maybe activated upon establishingthe bio-link without the user identification, for example, if the systemis arranged to determine that the user is the same person, e.g. becausehe is alone in a room and did not leave the room. Other deviations fromthe described system are possible.

The bio-sensor 110 can determine whether the user is in possession ofthe authorization unit by monitoring the bio-link between the user andthe authorization unit. Using the bio-link, the system can authenticallydetermine that nobody else but only the identified, i.e. intended, userexploits the authorization unit which in turn allows the user to use thedevice requiring authorization.

The bio-link between the user and the authorization unit, established bythe bio-sensor, may be related to some biological function pertaining tothe user as a living entity. This biological characteristic may becontinuous, i.e. substantially the same or slightly vary as long as theuser is in a normal physical condition. The bio-sensor may be arrangedto monitor, e.g. to sense at least one of such characteristics. As longas the sensed characteristic can be sensed and/or varies within somebounds, it may be assumed that the bio-link is not interrupted andvalid. If the bio-link is broken for some period of time, it may meanthat the authorization unit is no longer attached to the authorizeduser.

Since the authorization unit is arranged to identify the user to thedevice requiring authorization, the user is not bothered by requestsfrom this device to authorize him. In this way, the system provides avery secure way of recurring authorization of the user to the devicerequiring authorization.

The bio-sensor may be arranged to measure at least one biometricparameter such as a temperature, breathing sound, heart rate, electricalpotential, etc.

Some examples of the bio-sensor are given with reference to FIG. 2. Thebio-sensor may be arranged to measure the potential 210 over the pinthrough the earlobe. The bio-sensor may be arranged to de-activate theauthorization unit if one or many measured parameters exceed at leastone predetermined threshold. As long as the potential remains contiguouswithin certain values, the earring is considered to be attached to theear. The bio-sensor may be arranged to notify the user, e.g. in the formof alarm, that the bio-link is broken.

The bio-sensor may be a ring 220 arranged to measure the heartbeat inthe finger. As long as the rate shows no severe discontinuities, thering is considered to be around the finger of the user.

In another example, the bio-sensor may be a wrist watch 230 arranged tomeasure the temperature at the watch/wrist interface. In a furtherexample, a device 240, e.g. a belly button, may be arranged to sense thesound of breathing. In a further example, a device 250 located at thehem may be arranged to measure a combination of temperature and lightlevels. In a further example, the bio-sensor 260 may be a patch arrangedto measure the resistivity of the skin. In a further example, thebio-sensor 270 may be arranged to measure humidity inside the shoe. In afurther example, the bio-sensor may be a wearable computing device suchas a personal digital assistant (PDA) arranged to measure contactcurrent. Yet, in further examples, the bio-sensor may be attached to atongue of the user by piercing it, or the bio-sensor may be a swallowedcapsule or a belt buckle, etc.

It should be noted that the authorization unit and/or the bio-sensordo(es) not necessarily have to be in physical contact with the user'sbody.

More than one bio-sensor may be included into the system 100. The systemmay comprise more than one bio-sensor arranged to sense the samebiometric characteristic. The measurements of the characteristic may befurther related, e.g. averaged, or the bio-link may be considered validas long as at least one of the measurements is admissible.

The identification of the user by the identification unit, andactivation of the authorization unit may be done in many ways. Theidentification unit may acquire user data from the user and compare themwith identification data stored in the system. The user may be requiredby the identification unit to input the user data, or the user mayinitiate the input himself. In one of the embodiments of the presentinvention, the identification unit may comprise a camera behind thedressing mirror, capturing the features of the face of the person, i.e.the user, standing in front of it. The detected features of the user aresubsequently matched with those on store in the system. In anotherexample, the identification unit may be a terminal at which anidentifying password needs to be entered. In a further example, theidentification unit may comprise a touch-sensitive covering on top ofsome device, e.g. the watch, said covering being arranged to sense afinger print. In a further example, the identification unit may comprisea scanning device acquiring the user data by scanning the user body whenthe user goes through a portal, e.g. the front door. In a furtherexample, the user has to stare directly at a camera for an iris scan.

In one of the embodiments, the identification unit may compriseinput/output means arranged to interactively communicate with the userto identify him. The identification unit may be arranged to obtaincertain biometric measurements pertaining to the user, such as thefinger print or a voice recognition. In one example, the identificationunit may communicate to the user a request to confirm that he is a userN.N. If the user inputs an affirmative reply, the identification unitmay compare the obtained biometric measurements of that user with useridentification data in a database stored in the system. If themeasurements and the user identification data are different, theidentification unit may refuse to authenticate the user as the userN.N., and a more robust or secure identification procedure(s) may beinitiated.

The authorization unit according to the present invention may beembodied in different manners. The authorization unit may comprise awireless communication unit for communicating identification data to thedevice requiring authorization. The identification data may be datanecessary to authorize the user to the device requiring authorization.Said identification data may be delivered to this device by using thewell-known “Bluetooth” technology. In another example, a direct contactsuch as a wired connection may be used to deliver the identificationdata.

There may be many ways of authorizing the user to use the devicerequiring authorization. For example, the identification unit may storeidentification data which are necessary for the authorization of theuser to the correspondent device requiring authorization. Theauthorization unit may deliver the identification data to the devicerequiring authorization. In another example, the authorization unititself may be used for identifying the user to the correspondent devicerequiring authorization if said authorization unit is activated by thebio-sensor.

In one of the embodiments of the present invention, the identificationunit and authorization unit may be included in one device, so that notransmission of the identification data is needed.

According to au embodiment of the present invention, the authorizationunit and the bio-sensor may be implemented in one device. In this case,the activation of the authorization unit may be realized in a simpleway. If the authorization unit and the bio-sensor are not incorporatedin one device, there may be a need to secure the transmission of anactivation signal from the bio-sensor to the authorization unit, forexample, by using encoding techniques to encode an activation code foractivating the authorization unit.

In a further embodiment, the system may comprise many bio-sensors, eachof which is capable of activating the authorization unit uponestablishing the valid bio-link and valid user identification.

In a further embodiment, the system may comprise more than oneauthorization unit. Each authorization unit may need to obtain a validbio-link between a particular authorization unit and the user,established and monitored by the bio-sensor. Once one of a plurality ofthe authorization units receives information that the user is identifiedby the identification unit, all authorization units having validbio-links may be activated.

Any authorization unit having the valid bio-link may obtain theidentification data from the authorization unit which has the validbio-link and has already obtained the identification data from theidentification unit. In this way, any subsequent authorization unithaving the valid bio-link may not always need separate identificationbut can obtain its identification data from the bio-linked authorizationunit that has already received the identification data. Thus, if thebio-link between one of the authorization units and the user istemporarily lost, e.g. for a small period of time such as severalseconds, the user may not need to be identified again by theidentification unit.

In one of the embodiments, several authorization units may need only onebio-sensor and therefore only one bio-link. Such authorization unitshaving the same bio-link may be arranged to authorize the user to usedifferent devices requiring authorization. These authorization units maycorrespondingly need to obtain different identification data for therespective devices requiring authorization. The identification unit maystore such different identification corresponding to the respectivedevices requiring authorization.

After the identification data are delivered to the device requiringauthorization, the device may compare the identification data with theauthorization data stored in the device requiring authorization. If thedata are identical, the user may be permitted to use the device. Thedevice requiring authorization may be any device capable of verifyingthe identification data delivered to it by the authorization unit to letthe user use this device. Such a device requiring authorization may beincorporated in a consumer electronics device such as PDA, PC,television set, etc, automobiles and other apparatuses. Of course, merethan one device requiring authorization may be used by the authorizeduser.

FIG. 3 shows the identification unit 330 arranged to identify the user310, the authorization unit and the bio-sensor arranged in the form of awrist watch 320.

FIG. 3 illustrates activation of the authorization unit 320. The user310 has put on his wrist watch 320 comprising the authorization unitaccording to the invention, which happens to be temperature-sensitive.The authorization unit 320 is tied to the user 310 using the bio-sensorby establishing a continuous link, i.e. the bio-link, based on thetemperature at the watch/wrist interface. Before the user 310 goes out,he may check his hair. In doing so, the user may offer his face to theidentification unit 330 comprising a camera. The camera maybe arrangedto acquire an image of the user's face 331 for a subsequent recognition332 by the identification unit. If the user is recognized by theidentification unit, the identification unit may send the activationsignal for activating the authorization unit to the bio-sensor comprisedin the watch 320.

The identification unit may be arranged to store the identification dataincluding a code 335 associated with a particular user, and to retrievethe identification data corresponding to the user upon said recognition332. Furthermore, the identification unit may be arranged to send theidentification information 335 to the authorization unit. Theauthorization unit 320 may comprise a memory for storing theidentification information which may be erased if the bio-link betweenthe user and the authorization unit 320 is lost. If the identificationinformation is erased, the authorization unit may need to be activatedagain.

The authorization unit may be used to identify the user to the devicerequiring authorization by delivering the identification information 335to said device. It is an advantage of the present invention that afterthe activation of the authorization unit 320, the means 320 may be usedinstead of requiring direct input from the user.

FIG. 4 illustrates authorizing the user 310 to use the device requiringauthorization 470, wherein it is assumed that the authorization unit 320has been activated. The user 310 approaches the car 470, i.e. the devicerequiring authorization. His wrist watch 320, beingtemperature-sensitive, may be used to identify him to the car 470. Theauthorization unit 320 may transmit to the car the identification code430 which may be the same or related to the identification information335 mentioned with reference to FIG. 3. Then, the car may unlock thedoors, configure the driver seat to user's preferences, switch a radioin the car to a user's favorite station, etc.

FIG. 5 shows an embodiment of the method of the present invention. Instep 510, the bio-sensor 110 may establish the bio-link between the user111 and the authorization unit 120. In step 520, the identification unit130 may identify the user 111. If the user is identified and the validbio-link is obtained, the bio-sensor activates said authorization unit120 in step 530. In step 540, the bio-sensor monitors whether theestablished bio-link is valid. After said activation, the authorizationunit may be used to authorize the user to use the device requiringauthorization 140 in step 550, if the bio-link is valid. If the bio-linkis not valid, the identification and/or re-establishing of the bio-linkmay be needed. The method of the present invention describes theoperation of the system as disclosed above. Further embodiments of themethod, corresponding to the embodiments of the system of the presentinvention described above, may be derived therefrom.

In one of the embodiments of the present invention, the television set,video recorder or other consumer electronics device may be arranged torequire authorization for using it. The remote control unit, keyboard,trackball, mouse or other user input device arranged to control such aconsumer electronics device may incorporate the authorization unitand/or the bio-sensor as described above. In a further embodiment, saiduser input device may also comprise the identification unit. Forexample, the remote control unit may be provided with a touch-sensitivescreen adapted to acquire the user finger print for identifying theuser. The remote control unit may also be provided with a sensor forsensing whether the user is in proximity of the control unit, so thatthe remote control unit may be made personal to a particular user. Sucha remote control unit may be designed to be very easy to use, forexample, in the form of a bracelet.

The various program products may implement the functions of the deviceand method of the present invention and may be combined in several wayswith the hardware or located in different other devices. Variations andmodifications of the described embodiment are possible within the scopeof the inventive concept. Thus, for example, the use of the verb ‘tocomprise’ and its conjugations does not exclude the presence of elementsor steps other than those defined in a claim. The invention can beimplemented by means of hardware comprising several distinct elements,and by means of a suitably programmed computer. In the device claimenumerating several means, several of these means can be embodied by oneand the same item of hardware.

1. A system (100) for authorizing a user (111) to use a device requiring authorization (140), the system comprising: identification means (130) arranged to identify the user, authorization means (120, 320) arranged to authorize the user to use said device requiring authorization, at least one linking means (110) arranged to establish and monitor a bio-link between the user and the authorization means, and at least one linking means (110) being further arranged to activate said authorization means in response to a valid user identification by the identification means, said authorization means (120, 320) being active only while said link is valid.
 2. The system of claim 1, wherein the authorization means is arranged to be activated by any one of a plurality of said linking means.
 3. The system of claim 1, wherein the authorization means is arranged to obtain from the identification means identification data (335) and to deliver said identification data to the device requiring authorization.
 4. The system of claim 1, wherein the linking means (210, 220, 230, 240, 250, 260, 270) is arranged to measure at least one biometric parameter pertaining to said user.
 5. The system of claim 4, wherein the linking means is arranged to de-activate said authorization means if at least one parameter exceeds at least one predetermined threshold.
 6. The system of claim 4, wherein the identification means is arranged to obtain a value of at least one parameter measured by the linking means, and to compare said value with identification data stored in the system.
 7. The system of claim 4, wherein the biometric parameter pertaining to the user is selected from a group of temperature, breathing sound, heart rate, electrical potential.
 8. The system of claim 1, comprising a plurality of the authorization means.
 9. The system of claim 8, wherein a first authorization means is arranged to obtain identification data from a second authorization means which has obtained said identification data, said identification data being used to authorize the user to use said device requiring authorization.
 10. A method of authorizing a user to use a device requiring authorization, the method comprising: a step (520) of identifying the user, a step (510) of establishing and monitoring a bio-link between the user and authorization means arranged to authorize the user to use said device requiring authorization, a step (530) of activating said authorization means in response to a valid user identification, said authorization means being active only while said link is valid.
 11. A computer program product enabling a programmable device when executing said computer program product to function as the system as defined in claim
 1. 